OS X and File Quarantine
June 2, 2011
File Quarantine is the security protection built into OS X 10.5 (Leopard) and 10.6 (Snow Leopard), which performs security checks on files downloaded using Apple’s Safari, iChat and Mail.
On Leopard, File Quarantine guards downloaded files and, when the user tries to run one, warns them that it was downloaded from the Internet. Details of the website the file was downloaded from are logged with the file, so that the user can check that it is a legitimate file / application before they run it.
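As an added illustration (not code from the original post), here is how the record that travels with a downloaded file can be inspected. It assumes the record is stored in the `com.apple.quarantine` extended attribute with a semicolon-separated `flags;hex timestamp;agent;reference` layout, neither of which is stated in the post, and it runs on constructed sample values.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, List, Optional

# Assumption (not from the post): attribute name and value layout as seen on OS X.
# On a Mac the raw value can be printed with: xattr -p com.apple.quarantine <file>
QUARANTINE_XATTR = "com.apple.quarantine"


@dataclass
class QuarantineRecord:
    flags: int                 # raw flag bits, left uninterpreted here
    downloaded_at: datetime    # when the file was quarantined (UTC)
    agent: str                 # application that downloaded the file
    reference: Optional[str]   # optional 4th field (bundle or event identifier)


def parse_quarantine(value: str) -> QuarantineRecord:
    """Parse 'flags;hex_epoch;agent[;reference]' into a QuarantineRecord."""
    parts = value.strip().rstrip("\x00").split(";")
    if len(parts) not in (3, 4):
        raise ValueError(f"expected 3 or 4 fields, got {len(parts)}")
    try:
        flags = int(parts[0], 16)
        epoch = int(parts[1], 16)
    except ValueError as exc:
        raise ValueError("flags and timestamp must be hexadecimal") from exc
    reference = None
    if len(parts) == 4:
        reference = parts[3].lstrip("|") or None
    when = datetime.fromtimestamp(epoch, tz=timezone.utc)
    return QuarantineRecord(flags, when, parts[2], reference)


def unquarantined(attrs: Dict[str, Optional[str]]) -> List[str]:
    """Return names of files whose quarantine value is missing or unparsable."""
    missing = []
    for name, value in attrs.items():
        try:
            if value is None:
                raise ValueError("no attribute")
            parse_quarantine(value)
        except ValueError:
            missing.append(name)
    return sorted(missing)


# Constructed sample values, not captured from a real system.
SAMPLE = {
    "installer.dmg": "0002;4de6d280;Safari.app;|com.apple.Safari",
    "notes.txt": None,
    "archive.zip": "not-a-quarantine-value",
}
```

A file that arrives without this record (for example, one fetched by an application that does not use File Quarantine) shows up in `unquarantined` and will not trigger the warning.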
The concept was beefed up in Snow Leopard with the introduction of malware definitions. These definitions are used to detect known malware when the file is downloaded, saving users from accidentally installing a malicious application onto their system.
Recently Apple released an update to File Quarantine for Snow Leopard (available from 01/06/2011 via System Update) which includes definitions of the recent MacDefender malware (and variants). They have also taken the wise move of allowing Snow Leopard to run a daily check for any updates to the File Quarantine definitions, so that users are protected (as much as possible) from such risks in the future.
I would like to make it clear that other applications may also have been written to take advantage of the File Quarantine facility within Leopard and Snow Leopard, but it is advisable to check before running any files downloaded using these applications and always to think before you download applications from unknown websites.
With the development of the Apple App Store for OS X, Apple is clearly trying to provide a safe and secure method for software vendors to provide vetted applications to users, and for users to find trusted applications. Whilst there will still be vendors creating software and distributing it outside the App Store, users should be aware of the risks involved and take appropriate action.